Loading ...

Category: Email

ESET Antivirus Troubles

Eset Antivirus - Grants Pass, OR

Working with a webhost to tighten their security settings to get PCI compliant. In doing so we ended up breaking many of their clients email access by turning off SSLv3 and TLSv1.0. I was given the task of helping all the clients fix this issue (see seperate blog post for the fix). One in particular ended up not having issues beyond the normal problems with TLS and it turned out being ESET Antivirus. Here is the story:

Unable to Access Website:

The client first mentioned that they could not access a particular website that they needed to submit government paperwork. The error was related to the certificate being out of date. I checked the site on my own computer and it came up just fine, so looked at their certificate and it was current with plenty of time left before expiring. Cleared the cache and all the normal troubleshooting steps to no avail, so had to dig deeper. Remembered that some antivirus programs scan HTTPS traffic by putting their own certificate in place of the actual certificate from the site. Looked inside ESET Antivirus and found the culprit. Under Internet Protection > Web Access Protection I turned off the HTTPS Scanner. Restarted the browser and was able to surf to the site without issues.

Hidden Messages Stuck in Outlook Outbox:

The client then mentioned that some messages weren’t sending, so looked into it and found a couple messages that were 2MB+ which I told them were too large to send. We got rid of those but then messages were still stuck but were now hidden from view. I used the typical fix for read receipts that are hidden using the MFCMAPI tool but found nothing there. Tried removing the account and re-adding it to Outlook. After the clients 8,000+ emails downloaded via IMAP the same problem began occurring again. Remembering the issues with ESET Antivirus web filtering, I decided to take a look at that again. Under Internet Protection > Email client protection I turned off all the Email Clients, Email Protocols, and Antispam Protection. Restarted Outlook and the problem persisted. Had to remove the account and re-add it to Outlook. After the clients 8,000+ emails downloaded via IMAP the problem was fixed.

All that being said, these kinds of problems are another reason that I recommend Webroot to my clients for their antivirus protection. I prefer to have the Website filtering happen at the DNS level via a company like DNSFilter.com and the SPAM / Email filtering to happen via the email provider or an email protection service like Mailprotector.com.

If your company is interested in using a real layered approach to security not just putting a software band-aid on it, then contact us for assistance.

Got everything backed up? You sure?

SaaS Protection - Grants Pass, ORAs companies increasingly move data into cloud-based applications, many administrators think traditional best practices such as data backup are outdated. After all, a Software-as-a-Service (SaaS) application is always available, accessible from anywhere, and highly redundant, so why is backup necessary?

1 in 3 companies report losing data stored in cloud-based applications. That means the permanent deletion of potentially hundreds of work hours.

The truth is that even data in cloud-based applications are vulnerable to:

  • Malware damage or ransomware attacks
  • Accidental end-user deletion
  • Malicious end-user activity
  • Operational errors such as accidental data overwrites
  • Lost data due to canceled user account subscriptions
  • Misconfigured application workflows

Datto SaaS Protection won’t let your critical data slip through the cracks. Engineered to be the leading, one stop shop for cloud-to-cloud SaaS application backup, SaaS Protection gives you consistently reliable granular backups, quick and easy restores and exports, secured data for compliance and regulatory needs, and world-class 24/7/365 support.

SaaS Protection Supports the Following Applications:

G-Suite – Protect emails, documents, calendars, sites, and contacts in Google’s G Suite.

There’s no such thing as too safe. Datto SaaS Protection goes above and beyond industry standards to make sure G-Suite data is secure, easily recoverable, and protected:

  • Automatic 3X daily backups of Google Mail, Drive, Calendar, Contacts, and Sites data
  • SOC2 Type II audited
  • Supports HIPAA compliance needs
  • Data encryption both in transit and at rest in the Datto Cloud
  • Advanced internal controls
  • Data controls and monitoring, including audit logs, uptime and availability SLAs, and export capabilities
  • Regular vulnerability management and testing

SaaS Protection saves you and your team time and stress with search filters that quickly locate backed up files and folders.. even if users can’t remember what they called them.

  • Easily track deleted items
  • Locate and browse any previous versions of documents
  • Lighten the help desk load: SaaS Protection lets users access their own backups

Office 365 – Protect Exchange Online, SharePoint Online, OneDrive, Contacts, and Calendars in Office 365.

There’s no such thing as too safe. Datto SaaS Protection goes above and beyond industry standards to make sure Office 365 data is secure, easily recoverable, and protected.

  • Microsoft Exchange, OneDrive, SharePoint, Calendar and Contacts are automatically backed up 3X a day
  • SOC 2 Type II audited
  • Supports HIPAA compliance needs
  • Data encryption both at rest and in transit
  • Data controls and monitoring tools, including audit logs, uptime and availability SLAs, and export capabilities

SaaS Protection saves your team time and stress with robust search filters that make it easy to quickly locate backed up files and folders.

  • Manage backups, view restores, and monitor activity across all of your customers from an easy-to-use dashboard
  • Zero in on emails, contacts, individual files and entire folders with our search function
  • Restore files directly to a user’s account or download them directly

If your company is G-Suite or Office 365 and want a complete disaster recovery solution, then contact us for assistance.

New Phishing Email Variant

Thought that I would share a recently received new phishing email variant that could easily be overlooked and possibly cause damage to your network. The email appears to have come from Dropbox as a user sharing a folder with me, but a closer look shows many obvious signs that the email is a fake.

Starting from the Top

Look closely at the From portion of the email:

The lettering is actually another language where the font makes it look like English lettering. There is also the fact that the email is form someone that I don’t do business with. Always fight the urge to look at things that are not yours.

Stick to the Subject

Now to take a look at the Subject line of the email:

This has different lettering but it is again a different language used to look like English lettering.

And now the rest…

The final thing that caught my eye was the “button” in the middle of the email:

It actually looked fuzzy. It turns out the entire body of the email is a single image that is a link to their malicious site. Clicking anywhere in the body of the email would send you on your way to infection or account compromise. Hope this little tutorial helps you detect other phishing attempts in the future.

If your company is having trouble with SPAM or phishing, then contact us for assistance.

Is Email Down Again?

Email Down

While troubleshooting an email encryption issue after a WHM / cPanel web server migration, my thoughts turned to email down time and what it is worth to a small business. This is the core concept behind business continuity – “Business continuity encompasses planning and preparation to ensure that an organization can continue to operate in case of serious incidents or disasters and is able to recover to an operational state within a reasonably short period.” (Wikipedia) The best way to recover from a disaster is to have planned in advance for the eventuality and have systems in place that provide redundancy when the incident occurs. When it comes to business email continuity only one name comes to mind:

Microsoft Office 365

Guaranteed UptimeMicrosoft provides a Service Level Agreement (SLA) that financially backs their services based on a guaranteed amount of uptime per month. If service is down for more than 45 minutes (99.9% uptime) in a month then a 25% credit will be given, if service is down for more than 7 hours (99% uptime) in a month then a 50% credit will be given, and if for some reason they are down for more than 36 hours (95% uptime) in a month then a 100% credit will be given. Considering the literal billions of users of their products, having to give away credits for downtime would seriously cost Microsoft so it is in their favor to keep the services flowing.

Geographic Redundancy – Microsoft has Office 365 data copied to servers in no less than 8 datacenters around the United States including one nearby in Washington. This means that a hardware failure or lost data in one center will not effect the other 7 datacenters – email will continue to be routed through the others until services can be restored to the one. With redundancy like that there should be no worries about downtime or data loss.

Unparalleled Support – Office 365 email is running on Microsoft Exchange being administered and supported by the people who created it. There is nothing like going to the creator of something to talk to them when there is a problem. They have the breadth of experience that comes from using their own products for the past 20 years. This level of knowledge is unparalleled in the industry and it shows in the quality of service and support that is received. 

If your company needs the best in class reliability and service that comes from switching to Office 365, then contact us for assistance.

Xerox Scan to Email G-Suite (Fix Error 017-714)

Recently had trouble getting a Xerox VersaLink C7025 multifunction printer to Scan to Email correctly and found a couple solutions to the problem that I wanted to share. It all started when I configured the SMTP settings for the scanner to use G-Suite to send emails using the following article – “Send email from a printer, scanner, or app” but got the error 017-714 report from the printer. Did some searching online and found the following answer:

Using Google Insecure SMTP Server

As per the same article, the multifunction will work by using the following settings:

  • Device Email: clients scanner email address
  • SMTP Server: aspmx.l.google.com
  • Outgoing Port: 25
  • Connection Security: None
  • SMTP AUTH: None

This is great if the client wants the scans emailed only to people in their own domain. This will not allow sending to anyone outside their domain, which was not what this client wanted, so I contacted Xerox support and worked my way up to Level to support who pointed me to the following more secure answer:

Using Google Secure SMTP Server

The first thing to do is to make sure that Less Secure Apps setting is allowed for the Device Email account. This can be checked at – https://www.google.com/settings/security/lesssecureapps  but you might find that it has to be changed in the G-Suite Admin Console (disabled by default on all accounts). Once logged into https://admin.google.com,  click on Security then on Basic. Choose the option to allow each user to chose their own setting then go back to the less secure app setting page and change to allow for only that account. Now the multifunction can be configured as follows:

Xerox Scan to Email G-Suite

If your company has software that needs to be automatically updated or would like to sign-up for remote monitoring and maintenance, then contact us for assistance.

Received Hacker Email

Hacker Email

Here is a recent email that I received from a “hacker” that was threatening to expose some secrets. It was an obvious fake email, but I wanted to take the time to educate on how to know a fake when you receive one:

Hacker Email Exposed

Strange Email Address: This email comes from “auf@cesco.com.br” which is an address unknown to me and the domain itself ends in BR which stands for Brazil which again I don’t do business in Brazil so why would someone from there be emailing me.

Poor English: It starts out with the over-friendly greeting and continues with “I hack your computer” then just doesn’t stop. This was likely something typed into Google Translate then pasted into an email.

They Have Everything: Unless you really have something to hide, then this should not scare you. You need to assume that anything that you post online is public information anyways – there are no secrets on Facebook.

Invalid Help: They offer to help with acquiring Bitcoin to pay them in then offer a site to find local ATMs that have this feature. They have no understanding of the area or what local banking services are available. If they know everything about me then they know where I live and could easily look up the local economic structure.

Internet Extortion: They are using extortion tactics to try and scare me into action. They are trying to “sell” me information security for $120, but if I gave into their demands then my email address would become an even more valuable asset as they would have someone they could regularly extort for funds.

What To Do

  1. Unless you have something to hide, ignore the threats. If you do have something to hide then I suggest you quit so that no one can have anything against you.
  2. Forward these emails to me. Include the “header” information by copying it from the File > Properties menu in Outlook as this will help to track down where they are from.
  3. Farmhouse Networking will alert the proper authorities about the malicious activity to help shut these scammers down.

If your company is receiving tons of SPAM or hacker email, then contact us for assistance.

Oregon Cyber Task Force – Cyber Attack Mitigation

During a recent briefing from the FBI’s Oregon Cyber Task Force in Medford, OR they detailed best practices and industry standards for cyber attack mitigation. FBI special agents started with information and statistics about the most recent threats giving specifics of how the attacks were executed. Security Architect from the State of Oregon then outlined the specifics of how to mitigate these threats properly. Here is a summation:

Current Threat Landscape

Business Email Compromise (CEO Fraud): Involves cyber criminals posing as business executives at companies that regularly perform wire transfers. After compromising the executive’s email, the criminal requests employees to perform wire transfers to the criminal’s bank account. FBI Internet Crime Complaint Center (IC3) has reported over $3 billion of losses worldwide due to this threat.

Ransomware: Ransomware is a form of malware that targets weaknesses in networks to deny the availability of critical data by encrypting it and demanding a ransom for the encryption keys to decrypt the data. Ransomware is frequently delivered through spear phishing emails to end users.

Point of Sale (PoS) Malware: Cyber criminal steals payment card data by remotely infecting PoS systems with malware without the need to physically access the cards or the devices used to process them. This allows criminals to compromise PoS systems on a large scale with larger victim base.

Insider Threat: An insider is a current or former employee who has access to an organization’s network and intentionally misuses that access to negatively affect the company. IC3 has recorded business losses from insider threat to be between $5,000 to $3 million.

Internet Extortion: Victims are threatened by cyber criminal with Distributed Denial of Service (DDoS) attack that will make access to their e-commerce site severely degraded or impossible if they victim does not pay to appease them. These can be real or fake with price tags in the neighborhood of 50 bitcoin or about $30,000.

Cyber Attack Mitigation

Here is a list of items that will need to be addressed to comprise a complete mitigation plan:

  • Create company policy in regards to how wire transfers are handled that require verbal or in-person authorization from multiple company executives
  • Create company policy restricting details that can be shared  about job duties and company hierarchy on social media
  • Review National Institute of Standards and Technology (NIST) Cybersecurity Framework and  adopt risk management processes
  • Create, implement and keep up-to-date an incident response plan
  • Create company policy and implement lawful network monitoring
  • Have proactive relationships with law enforcement agencies – silence is letting cyber criminals win

Practical Security Best Practices

  • Network Segmentation – keep the guest wireless separate from the local network, keep payment processing in its own network and keep web servers in the Demilitarized Zone (DMZ) of the network.
  • Use firewall access rules, Active Directory Group Policy and physical security measures to limit unsecure access to every segment of your network.
  • Restrict usage of administrator level access by creating alternative accounts for these purposes that are not used for local login. Keep these accounts monitored.
  • Implement automated patching and managed virus scanning on all systems. Remove any unsupported / non-updateable software or sytems on the network.
  • Restrict remote access to the network to specific users and use only secure protocols like RDP through VPN
  • Conduct periodic testing of all security measures to identify weakness or failing procedures and adjust systems accordingly

Advanced Mitigation Processes

  • Use multi-factor authentication wherever possible
  • Establish baseline of applications used then implement application whitelisting
  • Standardize encryption for data both at-rest and in-transit
  • Conduct perimeter filtering via Intrusion Detection System (IDS)
  • Regularly backup system logs in a segregated portion of the network to prevent tampering

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Google Apps Migration for Microsoft Outlook

Had a small client recently that wanted to move from standard hosted email service (via WHM / cPanel based server) to Google Apps. In doing the Google Apps migration I found that they had a mix of POP3 and IMAP configured throughout the organization, so using the G Suite Migration for Microsoft® Exchange like I would for larger migrations that are based in IMAP only was out of the question. I found the Google Apps Migration for Microsoft Outlook® which was better suited for doing the job in this small mixed environment.

Google Apps Migration for Microsoft Outlook

If your company is going to use G Suite aka Google Apps migration needs to be performed, then contact us for assistance.

Configure cPanel Email Distribution Group

The local volunteer fire department wanted to have a feature typically only seen in Microsoft Exchange called Mail-Enabled Distribution Groups, the only problem is that they used cPanel for their cloud email provider instead. So I was tasked with determining if it were possible to create a cPanel email distribution group with similar functionality. To my surprise this is an option and works quite well.

Create a cPanel Email Distribution Group

This tutorial is based on the Go Daddy Pro version of cPanel which is just a skinned version of the standard cPanel control panel.

  1. Login to the cPanel Main Page
  2. Scroll down to the “Email” section and click on “Forwarders”
    cPanel Email Distribution Group - Main - Email
  3. Click on the “Add Forwarder” button
    cPanel Email Distribution Group - Forwarders
  4. Here is where decisions have to be made like the vanity name of the cPanel email distribution group can be something like AllStaff or Techs which would go in the “Address to Forward” box. This does not have to be an existing email box as it will be treated as an alias.
    cPanel Email Distribution Group - Add a New Forwarder
  5. In the “Destination” section in the “Forward to Email Address” box type in a list of existing email addresses seperated by commas with no leading or trailing spaces. Click on the “Add Forwarder” to complete the creation process.

It will be easy to see now that the comma seperated list actually was used to create individual rules for each of the existing email addresses. This is a huge time saver in comparison to manually creating each one. This has been tested and verified to work. If your company is using cPanel as your cloud email hosting platform or need help setting up a cPanel email distribution group, then contact us for assistance.

HIPAA Compliant Analog Fax Transmissions

HIPAA Compliant Analog Fax

It never occurred to me that analog fax was still something used, but my kids’ optometrist asked me to fax in a copy of their insurance card. So I asked them if I could email it to them and they said that it would not be HIPAA compliant to do so to which I responded that I could send them an encrypted email – they were not amused. This interaction begged the question is HIPAA compliant analog fax possible. According to Frequently Asked Question (FAQ) section HHS.gov site:

Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone?

Answer: Yes. The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise.

The Privacy Rule requires that covered health care providers apply reasonable safeguards when making these communications to protect the information from inappropriate use or disclosure. These safeguards may vary depending on the mode of communication used. For example, when faxing protected health information to a telephone number that is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number with the intended recipient. Similarly, a covered entity may pre-program frequently used numbers directly into the fax machine to avoid misdirecting the information. When discussing patient health information orally with another provider in proximity of others, a doctor may be able to reasonably safeguard the information by lowering his or her voice.

So the short answer is a surprising yes they can do HIPAA compliant analog fax with a standard old facsimile machine with the numbers pre-programmed in. If they have moved on the digital fax technology then similar safeguards to email must be put in place for the storage and transmission of that data.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2024- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]
And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10